Whitelist Request: spotr.tv + dapp.spotr.tv — Legitimate dApp flagged by sponsor-pays-gas pattern #495
-
|
Hey @adamdelphantom I'm the founder of SPOTR -- a cultural opinion market on Solana. Players deposit USDC, pick a side on cultural debate questions, write a 140-character argument, and an AI judge decides who argued better. Winners split the pool proportionally. Think structured debate meets prediction markets, but resolution is argument quality, not capital weight. The ProblemPhantom is showing the "this dApp could be malicious" warning on every deposit transaction at Why It's FlaggedWe use a sponsor-pays-gas model so users never need SOL -- only USDC. The deposit is a standard SPL token transfer ( This is the same pattern recommended by Solana for gasless UX. The transaction itself is completely standard -- no custom program invocation on deposits, just a vanilla SPL transfer to a PDA-owned vault. What We've Already Done
Verification Links
The Program Is MinimalThe on-chain program has only 2 active instructions:
User deposits are plain SPL token transfers -- they don't invoke the program at all. The vault ATA is owned by the Config PDA, so only the program can authorize withdrawals. What We're AskingPlease review and merge phantom/blocklist#1819, or whitelist Happy to provide any additional info. Thank you! |
Beta Was this translation helpful? Give feedback.
Replies: 1 comment
-
|
Update: Resolved! Phantom support (William) identified the issue — our signing order was incorrect. The sponsor (fee payer) was signing before the user wallet. We reversed it:
The warning is now gone. Deposits working cleanly on mainnet. Thanks to Phantom support for the quick and clear guidance. This should help other devs using the sponsor-pays-gas pattern. For assistance resolving this issue, follow the guide here. https://docs.phantom.com/developer-powertools/domain-and-transaction-warnings |
Beta Was this translation helpful? Give feedback.
Update: Resolved!
Phantom support (William) identified the issue — our signing order was incorrect. The sponsor (fee payer) was signing before the user wallet. We reversed it:
signTransaction()partialSign()and submitsThe warning is now gone. Deposits working cleanly on mainnet.
Thanks to Phantom support for the quick and clear guidance. This should help other devs using the sponsor-pays-gas pattern.
For assistance resolving this issue, follow the guide here. https://docs.phantom.com/developer-powertools/domain-and-transaction-warnings